You are browsing the archive for 2012 December.

Configmgr 2012 RTM/SP1 Part 1: Not so basic Applications and there Detection Methods

2:44 pm in Application Model, applications, ConfigMgr, ConfigMgr 2012, ConfigMgr 2012 SP1, Deployment, deployment types, detection methods, sccm, SCCM 2012, SCCM 2012 SP1, vbscript by Kenny Buntinx [MVP]


Hi Guys ,

I will start a series of blog posts that will list all common applications with requirements and dependencies you need to build your general OSD Task Sequence.

Today I will start with 2 great examples such as :

  1. Installing a or multiple certificate(s) for SCUP 2011 which is using a registry key as detection method
  2. Internet explorer 9 Post install hotfix which is using a script as detection method

Scenario 1 :

So let’s start with the first example , being certificate deployment as an application in a  task sequence :

Let’s ask ourselves first this question : Why would we use an application to deploy certificates during an OSD deployment if we have Group Policy Object to do it for us ? Well , the answer is :  This Microsoft document at: states that "The Setup Windows and ConfigMgr” task sequence action is responsible for running Group Policy on the newly installed computer. At which point during the task sequence action that Group Policy is applied depends on the operating system being deployed. On Windows XP and Windows Server 2003, Group Policy runs after the task sequence is finished, the task sequence GINA has been unloaded and then replaced with the GINA on Windows. On Windows Vista and Windows Server 2008, Group Policy runs after the Setup Windows and ConfigMgr task sequence action completes. "

Let’s build our Application now :

1. Export your self signed certificate , and place it in a source folder . For Windows 7 , you don’t need any additional tooling , for XP you do. You need “certutilxp.exe and certadm.dll”


2. Create 2 batch files :

Install.cmd –> For Win7


Install_XP.cmd –> For XP


3. Create your application . In this example “ WSUS Self Signed Certificate”


4. Create 2 deployment types . One for XP and one for Win7 .


5. On the “Detection Method” tab , specify a registry key

In my case : HKLM\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\6BFF5439A57586FEF61B8D8E2194A96DD459B511 and HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\6BFF5439A57586FEF61B8D8E2194A96DD459B511


Where does the “6BFF5439A57586FEF61B8D8E2194A96DD459B511” value comes from ? It will come from the properties of your exported certificate.

Take the properties of your certificate and take a look at the value “ Thumbprint” as shown below :


6. Define your requirement here directly or with a global condition :


7. Your done !

Scenario 2 : Internet explorer 9 Post install hotfix

So let’s start with the second example , being an Internet explorer 9 fix  deployment as an application in a  task sequence :

Why ? I was looking at several Windows 7 machines in an environment that whenever a new domain user who had never logged onto a machine before got the following error message:

The User Profile Service service failed the logon.

User profile cannot be loaded.


Now in this case there was an existing Microsoft KB article for this located here

Let’s build our Application now :

1. Create a VBS with the following lines :



2.  Create your application . In this example “ Internet Explorer 9 Post Install Fix”


3. Create a deployment type.


4. Specify your Program to run . In this case “IE9….vbs”


5. Now we will use a script as detection method . If the exit code is a non-zero value, then the script has failed and the application detection status is unknown. If the exit code is zero and STDOUT contains data then the application detection state is installed. –> see

From my experience, if you use a vbscript method of detection; any returned value from wscript.echo, anything at all, means that the detection passed.  Even if you wscript.echo "FALSE", it doesn’t matter; something was returned, the script passed.

If you don’t want it to pass detection, simply don’t echo anything.


6. We specify VBScript as language and past a script to detect if the file is there or not .



Hope it Helps ,

Kenny Buntinx

Configmgr 2012 : How to create custom boot images that will support #VMware’s native VMXnet3 NIC

8:46 pm in ConfigMgr, ConfigMgr 2007, ConfigMgr 2012, ConfigMgr 2012 SP1, ConfigMgr SP2, configmgr2007, ConfigMgr2007 R3, sccm, SCCM 2007, SCCM 2007 R2, SCCM 2007 R3, SCCM 2007 SP2, SCCM 2012, SCCM 2012 SP1, sccm2007, Vmware by Kenny Buntinx [MVP]


Though VMware Tools does not support the WAIK or ADK’s WINPE 3.1 environment, you can take advantage of specific VMware Tools drivers, such as vmxnet3, and pvscsi by creating a customized Configmgr 2007/2012 Boot Image .

To create a customized Configmgr 2007/2012 Boot Image :

  • On your Primary site server Click Start > All Programs > Microsoft Windows AIK > Windows PE Tools Command Prompt to open the Windows PE Tools command prompt.
  • Run this command to create a Windows PE build environment in the WinPE folder.
      • for a 32bit boot wim – copype x86 C:\winpe-x86
      • for a 64bit boot wim – copype amd64 C:\winpe-amd64
  • Install VMware Tools on Windows 2008 and copy the entire contents of the C:\Program Files\VMWare\VMWare Tools\Drivers\pvscsi and vmxnet3 folders to a C:\VMDrivers folders on the virtual machine.
  • From the Windows PE command prompt (<Drive>:\winpe-x86), run this command to mount winpe.wim to the mount folder:
    dism /mount-Wim /wimfile:<drive>:\winpe.wim 1 /mountdir:<drive>:\WinPE_tmp
  • Run this command at the Windows PE Tools command prompt to copy the vmxnet, vmxnet3 (enhanced), and pvsci drivers:
    winpe.wim: dism /image:<drive>:\WinPE_tmp /Add-Driver /driver:c:\VMDrivers /recurse
  • Run this command to save the changes to winpe.wim:
    dism /unmount-Wim /Mountdir:<drive>:\WinPE_tmp /commit

Import your custom bootimages in Configmgr 2007/2012 and distribute them to your DP . Your done !

Hope it Helps ,

Kenny Buntinx